How to make two-factor authentication less of a pain

Joe Kissell |
July 2, 2014

Two-factor authentication is a bother as it requires an extra, manual step. Here are a couple of ways to reduce that inconvenience.

You probably know by now that you should never use the same password in more than one place, and that each of your passwords should be strong enough to resist an automated attack. Perhaps you use iCloud Keychain, or a third-party password manager such as 1Password or LastPass to generate random passwords, store them, and fill them in automatically. But all that may not be enough if a site suffers a security breach that reveals its users passwords to an attacker—sadly, a frequent occurrence.

At the moment, the best defense against such attacks is two-factor (or two-step) authentication, in which you need more than just a username and password to log in on an untrusted device. You also need a second element, which often takes the form of a numeric string sent by SMS and so foils any attacker who has your password but not your phone. Most major Internet companies offer two-factor authentication as an option—you can read how to set this up for your Apple ID (which now applies to the iCloud website as well), Dropbox, Evernote, Facebook, Google, and Twitter, for example.

The problem with two-factor authentication is that it's a bother, requiring an extra, manual step. Usually you have to do this only once per device or app, after which point ordinary logins work, but even so, it's a pain. Here are a couple of ways to reduce that inconvenience.

Use an authenticator app Many services that use two-factor authentication let you use an iOS app—in lieu of SMS—to obtain that secondary authorization code. (This option is handy because SMS isn't always reliable or prompt, it's useless in locations where you have no cellular signal, and won't help you if you're using an iPad rather than an iPhone.) In some cases, two-factor authentication uses the service's own app. For example, in the Facebook iOS app, you tap More > Code Generator to see the current code. Similarly, Apple can now use the Find My iPhone app to deliver codes (such as when you're logging in to iCloud.com) via a push notification, as an alternative to SMS. And Twitter has a unique approach: you can set it up to use its iOS app for two-factor authentication without requiring a code at all.

But most services use a free, third-party iOS app such as Google Authenticator to generate the codes. You start by logging in to a service's website and finding its two-factor authentication settings page. There you'll typically find either a QR code or an alphanumeric key. Open your authenticator app, add a new account, and either scan the QR code with your camera or type in the key. From then on, the app generates the secondary codes, for each of your accounts, every 30 seconds.